Changeset 243149 in webkit


Ignore:
Timestamp:
Mar 19, 2019 10:49:21 AM (5 years ago)
Author:
pvollan@apple.com
Message:

[iOS] Remove overridden rules in sandbox
https://bugs.webkit.org/show_bug.cgi?id=193840
<rdar://problem/47558526>

Reviewed by Brent Fulgham.

On iOS, there are some rules overridden in the same sandbox file. The overridden rules
should be removed.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
Location:
trunk/Source/WebKit
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit/ChangeLog

    r243147 r243149  
     12019-03-19  Per Arne Vollan  <pvollan@apple.com>
     2
     3        [iOS] Remove overridden rules in sandbox
     4        https://bugs.webkit.org/show_bug.cgi?id=193840
     5        <rdar://problem/47558526>
     6
     7        Reviewed by Brent Fulgham.
     8
     9        On iOS, there are some rules overridden in the same sandbox file. The overridden rules
     10        should be removed.
     11
     12        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
     13
    1142019-03-19  Timothy Hatcher  <timothy@apple.com>
    215

  • trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

    r243034 r243149  
    3737;;;
    3838
    39 ;;; <rdar://problem/29959382> Allow UIKit apps access to com.apple.TextInput.preferences mach service
    40 (allow mach-lookup
    41     (global-name "com.apple.TextInput.preferences"))
    42 
    43 (allow mach-lookup
    44     (xpc-service-name "com.apple.siri.context.service"))
    45 
    4639(allow mach-lookup
    4740    (global-name "com.apple.frontboard.systemappservices")                 ; -[UIViewServiceInterface _createProcessAssertion] -> SBSProcessIDForDisplayIdentifier()
     
    6053(url-translation)
    6154
    62 ;; For <rdar://problem/20812377> All applications need to be able to access the com.apple.UIKit.KeyboardManagement running in backboardd
    63 ;; renamed in <rdar://problem/20909914> Rename com.apple.UIKit.KeyboardManagement
    64 (allow mach-lookup
    65     (global-name "com.apple.UIKit.KeyboardManagement")
    66     (global-name "com.apple.UIKit.KeyboardManagement.hosted"))
    67 
    6855;; TextInput framework
    6956(allow mach-lookup
    70     (global-name "com.apple.TextInput")
    71     (global-name "com.apple.TextInput.emoji")
    72     (global-name "com.apple.TextInput.image-cache-server")
    73     (global-name "com.apple.TextInput.lexicon-server")
    74     (global-name "com.apple.TextInput.rdt")
    75     (global-name "com.apple.TextInput.shortcuts"))
     57    (global-name "com.apple.TextInput"))
     58
    7659(mobile-preferences-read "com.apple.da")
    77 
    78 ;; Various Accessibility services.
    79 (allow mach-lookup
    80     (xpc-service-name "com.apple.accessibility.AccessibilityUIServer")) ; Needed for Zoom focus updates
    81 
    82 ;; ZoomTouch
    83 ;; <rdar://problem/11823957>
    84 (allow mach-lookup
    85     (global-name "com.apple.accessibility.AXBackBoardServer"))
    8660
    8761;; Speak Selection & VoiceOver
     
    9468
    9569(allow mach-lookup
    96     (global-name "com.apple.audio.AudioComponentPrefs")
    97     (global-name "com.apple.audio.AudioComponentRegistrar")
    98     (global-name "com.apple.audio.AudioQueueServer"))
     70    (global-name "com.apple.audio.AudioComponentRegistrar"))
    9971
    10072(allow mach-register
     
    10779    (home-subpath "/Library/Assets/com_apple_MobileAsset_VoiceServicesVocalizerVoice"))
    10880
    109 ;; HearingAidSupport
    110 (allow mach-lookup
    111     (xpc-service-name "com.apple.accessibility.heard"))
    112 
    11381;; MediaAccessibility (captions)
    11482;; <rdar://problem/12801477>
     
    12290(allow mach-lookup
    12391    (global-name "com.apple.nehelper")
    124     (global-name "com.apple.nesessionmanager.content-filter") ;; <rdar://problem/48442387>
    125     (global-name "com.apple.nesessionmanager"))
     92    (global-name "com.apple.nesessionmanager.content-filter")) ;; <rdar://problem/48442387>
    12693
    12794;; allow 3rd party applications to access nsurlstoraged's top level domain data cache
     
    13299(allow file-read*
    133100    (home-subpath "/Library/Caches/com.apple.keyboards"))
    134 
    135 ;; NSExtension helper for supplying information not provided by PlugInKit
    136 (allow mach-lookup
    137     (xpc-service-name "com.apple.uifoundation-bundle-helper"))
    138101
    139102;; <rdar://problem/19525887>
     
    171134    (well-known-system-group-container-subpath "/systemgroup.com.apple.lsd.iconscache"))
    172135(allow mach-lookup
    173     (xpc-service-name "com.apple.lsdiconservice") ;; Remove this line after <rdar://problem/47151295> is fixed.
    174136    (xpc-service-name "com.apple.iconservices")
    175137    (global-name "com.apple.iconservices"))
     
    178140(allow mach-lookup
    179141    (global-name "com.apple.CARenderServer")
    180     (global-name "com.apple.KeyboardServices.TextReplacementService")
    181     (global-name "com.apple.assertiond.applicationstateconnection")
    182     (global-name "com.apple.assertiond.expiration")
    183     (global-name "com.apple.assertiond.processinfoservice")
    184     (global-name "com.apple.audio.SystemSoundServer-iOS")
    185     (global-name "com.apple.backboard.TouchDeliveryPolicyServer")
    186     (global-name "com.apple.backboard.animation-fence-arbiter")
    187     (global-name "com.apple.backboard.display.services")
    188     (global-name "com.apple.backboard.hid.focus")
    189     (global-name "com.apple.backboard.hid.services")
    190142    (global-name "com.apple.iohideventsystem")
    191     (global-name "com.apple.frontboard.workspace")
    192143    (global-name "com.apple.frontboard.systemappservices"))
    193144
     
    295246    (with no-log))
    296247
    297 ;; <rdar://problem/34092690>
    298 (allow mach-lookup
    299     (xpc-service-name "com.apple.avkit.SharedPreferences"))
    300 
    301248;; <rdar://problem/34986314>
    302249(mobile-preferences-read "com.apple.indigo")
    303 
    304 ;; <rdar://problem/35417382>, <rdar://problem/35518557>
    305 (allow mach-lookup
    306     (global-name "com.apple.corespotlightservice"))
    307 
    308 ;; <rdar://problem/35446577>
    309 (allow mach-lookup
    310     (global-name "com.apple.coremedia.endpointplaybacksession.xpc"))
    311 
    312 ;; <rdar://problem/35509194>
    313 (allow mach-lookup
    314     (global-name "com.apple.coremedia.endpointremotecontrolsession.xpc"))
    315250
    316251;;;
     
    399334(allow mach-lookup
    400335    (global-name "com.apple.PowerManagement.control")
    401     (global-name "com.apple.accountsd.accountmanager")
    402     (global-name "com.apple.analyticsd")
    403     (global-name "com.apple.coremedia.audiodeviceclock"))
     336    (global-name "com.apple.analyticsd"))
    404337
    405338(deny file-write-create (vnode-type SYMLINK))
     
    442375;; Support incoming video connections
    443376(allow mach-lookup
    444     (global-name "com.apple.audio.audiohald")
    445377    (global-name "com.apple.coremedia.compressionsession")
    446378    (global-name "com.apple.coremedia.decompressionsession")
     
    463395    (global-name "com.apple.FileProvider")
    464396    (global-name "com.apple.Honeybee.event-notify")
    465     (global-name "com.apple.KeyboardServices.TextReplacementService")
    466397    (global-name "com.apple.MediaPlayer.RemotePlayerService")
    467398    (global-name "com.apple.ReportCrash.SimulateCrash")
    468     (global-name "com.apple.TextInput.emoji")
    469     (global-name "com.apple.TextInput.image-cache-server")
    470     (global-name "com.apple.TextInput.lexicon-server")
    471     (global-name "com.apple.TextInput.preferences")
    472     (global-name "com.apple.TextInput.rdt")
    473     (global-name "com.apple.TextInput.shortcuts")
    474     (global-name "com.apple.UIKit.KeyboardManagement")
    475     (global-name "com.apple.UIKit.KeyboardManagement.hosted")
    476     (global-name "com.apple.accessibility.AXBackBoardServer")
    477     (global-name "com.apple.accessibility.AccessibilityUIServer")
    478     (global-name "com.apple.accessibility.heard")
    479399    (global-name "com.apple.accountsd.accountmanager")
    480     (global-name "com.apple.app-sandbox.mach")
    481400    (global-name "com.apple.appsupport.cplogd")
    482     (global-name "com.apple.assertiond.applicationstateconnection")
    483     (global-name "com.apple.assertiond.expiration")
    484401    (global-name "com.apple.assertiond.processassertionconnection")
    485     (global-name "com.apple.assertiond.processinfoservice")
    486     (global-name "com.apple.audio.AudioComponentPrefs")
    487     (global-name "com.apple.audio.AudioQueueServer")
    488     (global-name "com.apple.audio.SystemSoundServer-iOS")
    489     (global-name "com.apple.audio.audiohald")
    490402    (global-name "com.apple.audio.reporting.xpc")
    491     (global-name "com.apple.avkit.SharedPreferences")
    492     (global-name "com.apple.backboard.TouchDeliveryPolicyServer")
    493     (global-name "com.apple.backboard.animation-fence-arbiter")
    494     (global-name "com.apple.backboard.display.services")
    495     (global-name "com.apple.backboard.hid.focus")
    496403    (global-name "com.apple.bird")
    497404    (global-name "com.apple.bird.token")
     
    501408    (global-name "com.apple.coremedia.audiodeviceclock")
    502409    (global-name "com.apple.coremedia.audioprocessingtap.xpc")
    503     (global-name "com.apple.coremedia.endpointplaybacksession.xpc")
    504410    (global-name "com.apple.coremedia.endpointremotecontrolsession.xpc")
    505411    (global-name "com.apple.coremedia.sandboxserver")
     
    507413    (global-name "com.apple.coremedia.visualcontext.xpc")
    508414    (global-name "com.apple.coreservices.lsuseractivitymanager.xpc")
    509     (global-name "com.apple.corespotlightservice")
    510415    (global-name "com.apple.ctkd.token-client")
    511416    (global-name "com.apple.cvmsServ")
    512417    (global-name "com.apple.duetknowledged.activity")
    513418    (global-name "com.apple.dyld.closured")
    514     (global-name "com.apple.frontboard.workspace")
    515419    (global-name "com.apple.gpumemd.source")
    516420    (global-name "com.apple.hangtracerd")
     
    535439    (global-name "com.apple.quicklook.ThumbnailsAgent")
    536440    (global-name "com.apple.revisiond")
    537     (global-name "com.apple.siri.context.service")
    538441    (global-name "com.apple.springboard.backgroundappservices")
    539442    (global-name "com.apple.system.libinfo.muser")
    540     (global-name "com.apple.uifoundation-bundle-helper")
    541443    (global-name "com.apple.webkit.camera")
    542444)
Note: See TracChangeset for help on using the changeset viewer.